Politech is the oldest Internet resource devoted to politics and
technology. Launched in 1994 by Declan
McCullagh, the mailing list has chronicled the growing
intersection of culture, technology, politics, and law. Since
2000, so has the Politech web site.

[Fascinating, and horrifying. Politech readers will recall that a similar,
though shorter, recordkeeping requirement has been included in some drafts
of the Council of Europe treaty, which the U.S. Department of Justice
heartily supports. (http://www.politechbot.com/p-01136.html) Fortunately in
the U.S., it'll be harder for such a requirement to pass constitutional
muster because of our Third Amendment. :) Also note that instead of
standing up for privacy rights and opposing such a move, the U.K. Data
Protection Commissioner seems to be merely saying that such record-keeping
must be "put on a clear legal footing by statute." Thank heaven we don't
have such a commission here in the U.S. -- it would give Americans a false
sense of security, if the U.K. situation is any indication. Some excerpts
are below. --Declan]
********
>From: [anonymous]
>Date: Sun, 3 Dec 2000 19:31:39 +0000 (GMT)
>To: declan@well.com
>
>Declan,
>
>The controversial NCIS paper as described in todays London Observer can
>be found at:
>
>http://cryptome.org/ncis-carnivore.htm
>
>Sorry I have to do this anonymously. I'm sure you'll understand why.
********
>From: "Alan Docherty" <alan@netfreedom.org>
>To: "Declan McCullagh" <declan@well.com>
>Subject: Secret plan to spy on all British phone call
>Date: Sun, 3 Dec 2000 13:13:45 -0000
>
>Declan,
>
>It's little surprise that the British secret services are eager to increase
>their powers to intercept emails and telephone calls. This story from the
>Observer suggests that the government may be sympathetic to new powers.
>
>We've already had one piece of legislation this year, the Regulation of
>Investigatory Powers Act, which has made it is easier for the state and
>employers to read emails. Britain is looking less and less like a modern
>democracy every day.
>
>Alan Docherty
>
>Editor
>Internet Freedom News
>http://www.netfreedom.org
>
>
>
>Secret plan to spy on all British phone calls
>Kamal Ahmed, political editor
>Sunday December 3, 2000
>The Observer
>
>Britain's intelligence services are seeking powers to seize all records of
>telephone calls, emails and internet connections made by every person living
>in this country.
>
>A document circulated to Home Office officials and obtained by The Observer
>reveals that MI5, MI6 and the police are demanding new legislation to log
>every phone call made in this country and store the information for seven
>years at a vast government-run 'data warehouse', a super computer that will
>hold the information.
>
>The secret moves, which will cost millions of pounds, were last night
>condemned by politicians and campaigners as a sinister expansion of 'Big
>Brother' state powers and a fundamental attack on the public's right to
>privacy.
>
>Last night, the Home Office admitted that it was giving the plans serious
>consideration.
>
>Lord Cope, the Conservative peer and a leading expert on privacy issues,
>said: 'We are sympathetic to the need for greater powers to fight modern
>types of crime. But vast banks of information on every member of the public
>can quickly slip into the world of Big Brother. I will be asking serious
>questions about this.' Maurice Frankel, a leading campaigner on per sonal
>data issues, called the powers 'sweeping' and a cause for worry.
>
>The document, which is classified 'restricted', says new laws are needed to
>allow the intelligence services, Customs and Excise and the police access to
>telephone and computer records of every member of the public.
>
>It suggests that the Home Office is sympathetic to the new powers, which
>would be used to tackle the growing problems of cybercrime, the use of
>computers by paedophiles to run child pornography rings, as well as
>terrorism and international drug trafficking.
>
>Every telephone call made and received by a member of the public, all emails
>sent and received and every web page looked at would be recorded.
[snip. --DBM]
>http://www.observer.co.uk/Print/0,3858,4099838,00.html
***********
********
Excerpts from GCHQ document:
6.3 The total retention period for non-specific data before mandatory
deletion should be seven years. *[6.1.6]
7.1 Legislation should require CSPs either to retain data inhouse, or have
the option to outsource retention to a Trusted Third Party; either a
Government run Data Warehouse or to a private contractor's facility. [6.2.5]
Data less than 12 months old should be available live;
After 12 months, data to be archived and retained for a further 6 years.
1.1.1 This submission has been drafted by the Chairman of the ACPO Police
and Telecommunications Industry Strategy Group[1]. Its principles are
supported by ACPO, ACPO(S), HM Customs and Excise, the Security Service,
Secret Intelligence Service and GCHQ ("the Agencies"). The view of these
agencies is that law enforcement has a sound business case for the
substantial retention of communications data.
1.1.4 Informal discussions have also taken place with the Office of the
Data Protection Commissioner (DPC). Whilst they acknowledge that such
communications data may be of value to the work of the Agencies and the
interests of justice, they have grave reservations about longer term data
retention. The DPC believe that where there is no longer a CSP business use
for such data, existing legislation requires the long-term retention of
communications data to be put on a clear legal footing by statute.
1.2.2 Communications data is becoming increasingly important to provide
evidence to establish innocence. Premature deletion will seriously
compromise the interests of justice. Communications data has a unique value
to promoting a safe and free society. This provides the overriding
justification for longer-term retention.
2.3.1 Criminal elements have exploited the advances in telecommunications
to mask their activities; in particular organised terrorist groups, drug
traffickers, migrant smugglers, paedophiles, money launderers, race hate
groups and computer hackers, all of whom are major concerns to the LEAs and
Government. Retention of data that provides evidence of transaction,
association or conspiracy and the routing of the communication is vital.
2.5.1 In those cases where police and customs have been building their case
over a number of years, such as in offences of drugs importation, deletion
could provide the Prosecution with an unfair advantage. If CSPs delete data
within 12 months, by the time the matter is brought to a close with
arrests, data that the Prosecution has not obtained but which the Defence
could rely on to corroborate potential alibis will have been irretrievably
lost.
3.3.1 It is important to include transparency in the law to ensure the
public is aware of the impact of data retention on their personal privacy.
In the context of Article 8, ECHR, this is essential. Retention legislation
would also provide a better-defined statutory framework within which the
Office of the Data Protection Commissioner (DPC) can operate, making it
clearer to enforce and conduct their own investigations.
5.1.1 We should not restrict ourselves by trying to define the type of data
required for law enforcement, intelligence and criminal justice purposes.
Advances in telecommunications technology, both in respect of telephone and
Internet services, mean that precise language that defines data now may
quickly become outdated and too narrow. The material should be defined in
open terms, potentially using the same updated language as the European
Directive, e.g.: Subscriber data, Calling Line Identifier (CLI), Billing
data, Traffic data, and Location data, However, in relation to Internet
related data, definitions in the Directive do not include such vital
material as: Routing Logs; and Dynamic Internet Protocol Address
Allocation, etc. Agreement will be needed to ensure that the provisions of
Clause 20, Part 1, Chapter II, Regulation of Investigatory Powers Act can
be interpreted as widely as possible to include all Internet related data.
[Recommendation 4.1] Legislation should require every CSP to retain all
communications data originating or terminating in the UK, or routed through
the UK networks, including any such data that is stored offshore.
6.3.2 At the G8 Conference in Paris in May 2000, the Italian Delegation
explained the "Italian Solution" for data retention. Their Government and
Telecommunications Industry are proposing a national communications data
warehouse to store data from CSPs. This reflects the view expressed by some
UK experts who consider the only way forward is to create a Government
agency run "UK National Communications Data Warehouse". They estimate that
a £3 million investment would be needed. A parallel can be drawn with a
similar Home Office initiative, the National DNA Database, in which the
Government invested £3.4 million in start-up costs.
6.3.5 As an alternative, others suggest it may be less politically
sensitive to set up data warehouses operated by CSP sub-contractors. This
could avoid suggestions over the Government's collection of personal data.
A number of commercial interests have already entered into discussions with
CSPs to invest in such business ventures.
7.1.2 We recommend that the Home Office and DTI work with experts from the
Agencies, CSPs, ISPs, the CCRC and the Office of the DPC to reach a
decision quickly on "Data Retention" and develop a statutory framework for
the retention of communications data. Although the law enforcement
arguments for retention of data are critical, its use for a range of other
purposes should not be forgotten.
-------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------